Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444
On September 7, 2021, Microsoft announced a major security threat to its Windows operating system. This vulnerability falls into the category of zero-day, which means it’s brand new, and no patch is currently available.
While Microsoft is diligently working on a resolution, I would advise businesses to contact their IT providers to make sure everyone is on the same page regarding safeguards and best-practice workarounds.
If you are just hearing about this, you may have some unopened email updates from your MSP.
The next two sections will tell you what to do right now and explain why you need a security-first mindset in today’s 24/7/365 digital world.
#1 - What You Need to Do (or Not Do) Right Now
Be on the lookout for emails with Word, Excel, and PowerPoint attachments from unknown sources. The new vulnerability affects Office 365 files as well as the RTF format. When you open an infected file, threat actors can hijack all of your Windows PCs.
Follow-on malicious steps include, but are not limited to, ransomware extortion plots, identity theft, data loss, healthcare insurance fraud, and bank account withdrawals.
Be careful even when opening documents from known sources, since email domains and sender identities can be easily spoofed. I still receive emails from people I haven’t spoken with in twenty years, and ninety percent of them are fraudulent.
If you receive an email with an attachment from a stranger, do not open it. Just delete the email. I’m infamous for calling known sources (friends, business partners, and relatives) just to double-check before taking further action.
Exercise extreme caution when downloading files from the Web. As per Microsoft, “…Users should heed the Protected View warnings that Word, Excel, or PowerPoint display when opening a file downloaded from the internet, and do not click the "Enable Editing" button on such files.”
Learn More: Microsoft Security Vulnerability Guide
#2 - What You Need to Know about Spear Phishing
Spear phishing is a targeted attack launched by threat actors who amass a wealth of personal information through open-source intelligence in advance.
If you’re active on social media, it’s practically effortless for bad actors to capture the following details about you (and a lot more):
- Current city
- Cellphone number
- Favorite sports teams
- Relationship status
- Children and pet names
- Political party
- Movie and band “Likes”
- Upcoming events you’re attending
- What you grilled on The Big Green Egg last Tuesday
To make matters worse, according to Trend Micro, “Seventy percent of our email addresses can be located online.”
This creates a perfect storm for fraudsters to not only find you but also appear to be someone you know and trust.
Why do I use the word “perfect”? Over ninety percent of attacks employ this primitive methodology. A fifth-grader could figure this out!
I wouldn’t completely abandon social media. However, I would remove most of the aforementioned details ASAP and be careful what you share online.
Learn More: 13 Cyber Security Truths to Live by
To give you some perspective on the prevalence of zero-day vulnerabilities, new ones have emerged since I began writing this article. And most of them are unrelated to Microsoft.
Learn More: Published Advisories
The importance of engaging your MSP for guidance cannot be overstated. I am not sharing the following story because I want you to make system adjustments on your own. I want you to see what’s involved, so you get help from a qualified technology partner.
Learn More: The MSHTML Zero-Day Flaw